as a workaround to this, less than ideal but works :) i want to have HAproxy listen on port 80 and 443 which is why this request came about so i disabled https for the webgui and set the http port to a random port i then used HAproxy to terminate the SSL for the firewall admin interface and then pass back to the admin interface port for the firewall hostname now i can also add other listeners to create an SSL terminating reverse proxy gateway to internal resources as i wanted to do in the first place. not keen on the webgui either being HTTP only or requiring HAproxy to be working to access but its not a huge trainsmash for me in either case

It turns out the problem was you MUST authenticate to do an extended search.  There is no indication of denied access as anonymous user in a normal 389DS setup.  So, of course I assumed the search was permitted.  :-[ I posted revised instructions in the documentation sub-forum.

Same here, all ipv6 shown as remote.

I updated to Sierra 10.12.6 & Safari 10.1.2 today and gave 2.3.4-RELEASE-p1 (i386) another test.  Sure enough the graph rendering problem went away.  Thanks for the tip NogBadTheBad.

here you find a german blog entry. maybe the screenshots do help somebody else. https://www.hagen-bauer.de/2017/07/pfsense-radius.html

And sure you can open from lan you wan IP and the gui, unless you create rules to prevent that.. As stated already post up your lan rules.

Can i know what command that you use to install mysql on pfsense

This ended up being a few things, but mostly a failed Authentication Server (and resolution of the actual Auth Server, and route to the relevant Auth Server, and then certificates). A clue was the periodic 25s latency, which also corresponds to the Auth Server Timeout (and occurs when the Auth server is queried in Round Robin via DNS). Or that this was only affecting Remote auth'ed users, instead of those using the Local Database.

@kschmidta: When firewall is functioning normally, when I input my user creds, I am directed to the menus. With ssh? Whenever I create a user (in the admin group) and ssh in, I drop to a : shell, not the menu.

I guess that's what is happening. It is good to know then that if you leave your pfsense GUI on the home page it will not log you out after automatically. Since this could be a security problem I hope it will log you out when page was closed completely without glitch.

Strange question. Every navigator on earth has a possibility to show the 'source code' which will show you the ….. html used to show the page. Looking at the html, I found the image file right away : /logo.png ... and if you know what style sheets (css) are, you will also find out that /logo-black.png is also used on the login page. The web server's (GUI) root directory is /usr/local/www

BUMP!

Suggest a trust validated chain with the following items; a self-signed Root Certificate Authority (Root-CA), intermediate CA (Sub-CA), and SSL server certificate. Install Root-CA into Trusted Root Certificate Store, install Sub-CA into Intermediate Trusted Store, and replace default webConfigurator (Server) certificate with new SSL server certificate. Edit: The above solution works with v2.3.x however v2.4-RC requires Alternative Names to be entered including IP address (pfsense) on internal certificate (Server). Internal CA Intermediate CA Certificate (Server) IP address (pfSense) FQDN

@ljorgensen: deleted all <rrddata>elements in the config.</rrddata> This time I did it with viconfig and they stayed gone. Things are much faster now. How did they end up there in the first place? I have reinstalled it on newer hardware a couple of times from a backup with rrddata in the config. I thought it was supposed to remove that data after restore.

Hi there guys. There is a working widget for this if this is what you are wanting. 1 kind member had previously done work on it here and it was just updated yesterday by another kind member. https://forum.pfsense.org/index.php?topic=97823.0 Just follow the thread and it should all work out for you guys too! Cheers.

Heya I know it's picky, but if you wanted to maybe do it as you managed to do this so quick (I am no programmer myself sadly but will eventually get round to learning). Would it be hard to get the status's to show red or green for online and offline like the original version was? I imagine that's what the script was doing partially? I dunno, just a suggestion. I am very thankful someone chimed in and updated this as I am sure many others will appreciate this widget ounce again! Cheers guys!

3 years since the original post and as of 2.3.4 this issue persists.  I ran into this yesterday and had to put my own DHCP server on the WAN to get that interface to DHCP an IP so that webConfigurator would even start. I need webConfigurator to make changes to the WAN so it would actually connect to my ISP.  Major catch 22 here.  Why on earth would webConfigurator fail because it can't bind to the WAN IP of 0.0.0.0?.  That's absurd.  It should always bind to the (surely static) LAN address irrespective of what's going on with the WAN, up, down, misconfigured, or whatever. I keep wanting to contribute to the project financially and recommend pfSense to clients but every time I turn around, there's a new bug that's years old in my exceptionally basic home setup. For anyone else with this issue, you just need to be certain that your WAN gets an IP on startup, via whatever absurdity you have to pull in the shell to make it happen.

@johnpoz: Or you could just use blacklist in unbound..  That same yoyo.org link they listed has the list in unbound.. Just load the file into unbound and all the ad domains just get redirect to 127.0.0.1 This is very interesting. How would one load the list in unbound with a script, similar to the way we can load it into Squid with the script? It would appear it needs to be merged with /var/unbound/access_lists.conf, but how?